Not a bug bounty hunter myself, but it seems like one of those things that you just have to jump into and start trying to do. So many bounties seem to be pretty low-hanging fruit type of stuff. The payouts might be either LOW or non-paid, just recognition type stuff, but seeing an accepted bounty submission come back does a lot for your confidence. It’s like CTFs in a way. Getting into CTFs seems intimidating at first, but then when you go actually do one and you have some level of success, it starts to feel a bit more approachable, you get more XP and you do better the next time.